The Need to Close the Cultural Divide Between Application Security and Developers

A security risk that many organizations are not dealing with is the cultural divide between application security and developers. In this research sponsored by ZeroNorth, we define the cultural divide as the situation in which AppSec and developers lack a common vision for delivering software capabilities required by the business—securely.

Research Reveals that 75% of AppSec Practitioners See a Growing Cultural Divide Between AppSec and Developers

New Study Reveals Cultural Divide between AppSec and Dev Teams Capable of Increasing Organizational Risk; Current COVID-19 Environment Contributes to Diminished Levels of Collaboration and Innovation.

How in the World Can CISOs Unite Security and DevOps?

For most companies today, software is what helps you compete. You have to roll out new products and services to satisfy customers, and you need to do it FAST. While it’s true DevOps has revolutionized development in terms of speed, capability and agility, the truth is security is having trouble keeping up. For CISOs and other security leaders, it’s no small task trying to ensure software development happens securely.


16% of Orgs Require Developers to Self-Educate on Security

Theoretical physicist Stephen Hawking was spot on when he said, “Whether you want to uncover the secrets of the universe, or you just want to pursue a career in the 21st century, basic computer programming is an essential skill to learn.” It’s no secret that programming is a thriving career path – especially with the speed of software development picking up, not slowing down.


Write Code That Protects Sensitive User Data

Sensitive data exposure is currently at number 3 in the OWASP Top 10 list of the most critical application security risks. In this blog post, we will describe common scenarios of incorrect sensitive data handling and suggest ways to protect sensitive data. We will illustrate our suggestions with code samples in C# that can be used in ASP.NET Core applications. OWASP lists passwords, credit card numbers, health records, personal information and business secrets as sensitive data.


DevOps Security Automation: AWS Cloud Security Report 2020 for DevSecOps

In a DevOps environment, software and feature delivery happen in real time. Security, while critical to your company, cannot become a bottleneck. InfoSec and DevOps leadership are searching for the best ways to bridge the gap between their two organizations in order to better secure the application stack during development, deployment, and production operations.


Why Application Security is Important to Vulnerability Management

It was the day before a holiday break, and everyone was excited to have a few days off to spend with friends and family. A skeleton crew was managing the security operations center, and it seemed as though every other team left early to beat the holiday traffic. Every team other than the vulnerability management (VM) team, that is. Just before it was time to leave for the day, and the holiday break, the phone rang.


AppSec Tools Proliferation Is Driving Investments to Consolidate

When it comes to application security (AppSec), it’s important to note that no one testing type can uncover every flaw. Each tool is designed with a different area of focus, along with various speeds and costs – so it’s necessary to employ a mix of testing types. A good way to think about AppSec testing types is to compare them to health exams. You wouldn’t have a cholesterol test and assume your annual physical was complete.


Gartner Summit: Balance Risk, Trust, and Opportunity in an Uncertain World

In light of the current pandemic, most organizations will be working remotely for the foreseeable future. But the increase in virtual operations has led to a higher volume of cyberattacks. Now, more than ever, it’s vital that your organization is armed with the industry’s best application security (AppSec) solutions. But how do you build and secure technology in an uncertain world? It’s a balancing act between risk, trust, and opportunity.